Traefik和“让我们在非默认的HTTP端口80上加密"吗? [英] Traefik and Let's Encrypt on non default http port 80?
本文介绍了Traefik和“让我们在非默认的HTTP端口80上加密"吗?的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
我尝试设置测试容器以与traefik一起使用,并让其加密.
I tried setting up test container to work with traefik and lets encrypt.
Traefik不在默认端口80和443上运行.
Traefik is not running on default ports 80 and 443.
该服务器已经在本地安装了apache,反向代理ngnix和tomcat,因此端口:80、443和8080不可用.
The server already has apache, reverse proxy ngnix and tomcat locally installed so ports: 80, 443 and 8080 are not available.
据我了解的日志,关于ACME端口的配置有误.测试容器似乎已正确连接到入口点.
As far as I can understand the log, there is a misconfiguration concerning the ACME ports. The test container seems to get correctly wired to the entrypoint.
在这种情况下如何让加密和traefik正常工作?或者我做错了什么?
How do I get lets encrypt and traefik to work in this scenario or did I do something wrong?
我的 traefik.toml :
debug = true
logLevel = "ERROR"
defaultEntryPoints = ["http", "https"]
[entryPoints]
[entryPoints.http]
address = ":50500"
[entryPoints.http.redirect]
entryPoint = "https"
[entryPoints.https]
address = ":50501"
[entryPoints.https.tls]
[accessLog]
[retry]
[web]
address = ":50502"
[docker]
endpoint = "unix:///var/run/docker.sock"
domain = "example.com"
watch = true
exposedbydefault = false
[acme]
email = "me@example.com"
storage = "acme.json"
entryPoint = "https"
OnHostRule = true
[acme.httpChallenge]
entryPoint = "http"
docker-compose.yml :
version: '2'
services:
traefik:
image: traefik:1.5.0
restart: always
ports:
- 50500:50500
- 50501:50501
- 50502:50502
networks:
- web
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- /home/someuser/traefik/traefik.toml:/traefik.toml
- /home/someuser/traefik/acme.json:/acme.json
container_name: traefik
networks:
web:
external: true
运行docker logs traefik返回:
time="2018-01-25T16:10:09Z" level=debug msg="Configuration received from provider docker: {"backends":{"backend-neo4jtestcontainer":{"servers":{"server-neo4jtestcontainer":{"url":"http://172.19.0.3:7474","weight":0}},"loadBalancer":{"method":"wrr"}}},"frontends":{"frontend-Host-neo4jtestcont-example-com-0":{"entryPoints":["http","https"],"backend":"backend-neo4jtestcontainer","routes":{"route-frontend-Host-neo4jtestcont-example-com-0":{"rule":"Host:neo4jtestcont.example.com"}},"passHostHeader":true,"priority":0,"basicAuth":[]}}}"
time="2018-01-25T16:10:09Z" level=debug msg="Creating frontend frontend-Host-neo4jtestcont-example-com-0"
time="2018-01-25T16:10:09Z" level=debug msg="Wiring frontend frontend-Host-neo4jtestcont-example-com-0 to entryPoint http"
time="2018-01-25T16:10:09Z" level=debug msg="Creating route route-frontend-Host-neo4jtestcont-example-com-0 Host:neo4jtestcont.example.com"
time="2018-01-25T16:10:09Z" level=debug msg="Creating entryPoint redirect http -> https : ^(?:https?:\/\/)?([\w\._-]+)(?::\d+)?(.*)$ -> https://$1:50501$2"
time="2018-01-25T16:10:09Z" level=debug msg="Creating backend backend-neo4jtestcontainer"
time="2018-01-25T16:10:09Z" level=debug msg="Creating load-balancer wrr"
time="2018-01-25T16:10:09Z" level=debug msg="Creating server server-neo4jtestcontainer at http://172.19.0.3:7474 with weight 0"
time="2018-01-25T16:10:09Z" level=debug msg="Creating retries max attempts 1"
time="2018-01-25T16:10:09Z" level=debug msg="Wiring frontend frontend-Host-neo4jtestcont-example-com-0 to entryPoint https"
time="2018-01-25T16:10:09Z" level=debug msg="Creating route route-frontend-Host-neo4jtestcont-example-com-0 Host:neo4jtestcont.example.com"
time="2018-01-25T16:10:09Z" level=debug msg="Creating backend backend-neo4jtestcontainer"
time="2018-01-25T16:10:09Z" level=debug msg="Creating load-balancer wrr"
time="2018-01-25T16:10:09Z" level=debug msg="Creating server server-neo4jtestcontainer at http://172.19.0.3:7474 with weight 0"
time="2018-01-25T16:10:09Z" level=debug msg="Creating retries max attempts 1"
time="2018-01-25T16:10:09Z" level=info msg="Server configuration reloaded on :50500"
time="2018-01-25T16:10:09Z" level=info msg="Server configuration reloaded on :50501"
time="2018-01-25T16:10:09Z" level=info msg="Server configuration reloaded on :50502"
time="2018-01-25T16:10:09Z" level=debug msg="LoadCertificateForDomains [neo4jtestcont.example.com]..."
time="2018-01-25T16:10:09Z" level=debug msg="Looking for provided certificate to validate [neo4jtestcont.example.com]..."
time="2018-01-25T16:10:09Z" level=debug msg="No provided certificate found for domains [neo4jtestcont.example.com], get ACME certificate."
time="2018-01-25T16:10:09Z" level=debug msg="Loading ACME certificates [neo4jtestcont.example.com]..."
time="2018-01-25T16:10:11Z" level=debug msg="Challenge Present neo4jtestcont.example.com"
time="2018-01-25T16:10:14Z" level=debug msg="Challenge CleanUp neo4jtestcont.example.com"
time="2018-01-25T16:10:14Z" level=error msg="map[neo4jtestcont.example.com:acme: Error 403 - urn:acme:error:unauthorized - Invalid response from http://neo4jtestcont.example.com/.well-known/acme-challenge/34234isdj0asdjf02302302930239: "<!DOCTYPE html>
<html lang="de">
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta na"
Error Detail:
Validation for neo4jtestcont.example.com:80
Resolved to:
12.123.12.12
Used: 12.123.12.12
]"
time="2018-01-25T16:10:14Z" level=error msg="Error getting ACME certificates [neo4jtestcont.example.com] : cannot obtain certificates map[neo4jtestcont.example.com:acme: Error 403 - urn:acme:error:unauthorized - Invalid response from http://neo4jtestcont.example.com/.well-known/acme-challenge/gG9oE2XqNe1wIRoGOseLuesOlEMlWprH61keoAEwsQA: "<!DOCTYPE html>
<html lang="de">
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta na"
Error Detail:
Validation for neo4jtestcont.example.com:80
Resolved to:
12.123.12.12
Used: 12.123.12.12
推荐答案
Let's Encrypt required the port 80 or 443 see https://community.letsencrypt.org/t/support-for-ports-other-than-80-and-443/3419/72
这篇关于Traefik和“让我们在非默认的HTTP端口80上加密"吗?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文
